PHP new vulnerabilities

Paul Schmehl pauls at utdallas.edu
Sun Oct 15 11:04:09 PDT 2006


--On October 15, 2006 12:39:11 PM -0500 Jonathan Horne <freebsd at dfwlp.com> 
wrote:
>
> I've been scratching my head on this one for a few days too.  I have a
> box at home that is running 6.2-PRERELEASE.  When I try to install the
> lang/php5 port, I get:
>
> [root at athena /usr/ports/lang/php5]# make install clean
> ===>  php5-5.1.6_1 has known vulnerabilities:
> => php -- open_basedir Race Condition Vulnerability.
>    Reference:
> <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
> => Please update your ports tree and try again.
> *** Error code 1
>
> Stop in /usr/ports/lang/php5.
>
> However, my server is running the same port, with no issue whatsoever.
>
That's because you installed the port on the server *before* the 
vulnerability was found.

> [root at zeus /etc/mail]# pkg_info | grep php5
> php5-5.1.6_1
> (and many extensions too)
>
> Perplexing that one box could have it, while another one (using the same
> updated ports tree) refuses it.  Could be related to the code branch I'm
> following on my workstation versus my server?
>
No.  It's related to the timing of when a security vulnerability was 
discovered.

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/